DNSSEC Debugger - bogus.d2a1n1.rootcanary.net

Domain Name:

Time: 2025-05-21 05:35:56 UTC

Analyzing DNSSEC problems for bogus.d2a1n1.rootcanary.net

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to h.root-servers.net for ./DNSKEY
	Received 1139 bytes from 198.97.190.53
	;; Response received from [198.97.190.53] 1139 octets ;; HEADER SECTION ;; id = 20111 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 4 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (4 records) . 172800 IN DNSKEY ( 256 3 8 AwEAAbEbGCpGTDrcZTWqWWE72nphyshpRcILdzCVlBGU9Ln1Fui9kkseUOP+g5GLUeVFKdTloeRT A9+EYiQdXgWXmXmuW/nGxZjAikluF/O9NzLVrr5iZnth2xu+F48nrJlAgWWiMNau54NI5sZ3iVQf hFsq2pZmf43RauRPniYMShOLO7EBWWXr5glDSgZGS9fSm6xHwwF+g8D4m8oanjvdCBNxXzSEKS31 ibxjLifTfvwCg3y4XXcNW9U6Nu3JmoKUdxqpPPIkBvVQbIz4UO2FwaR13uXC03ALP1Yx2QNSS4SZ lcIMtAftQR9wtCiuPWQnFv4jkzWqlhp1Lmf7bcoL9yk= ) ; keytag 53148 . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326 . 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20250601000000 20250511000000 20326 . VWTPvGJYPHue7aTc+b49y1cCggFM0t6ULKEPuAeITCgRgd5aAee5yrqEirwkq/Us7zDM1g1HliOO L8kCVbZ6ub5esuVSjlZ/mcEOdlOrkXt4I6AiVhAbaaCaOsEO7XiNaEWbNqiSQ0RcS7h2/A1E7thx F4xr9n8IXSI9bzyoGsH+HBf01Pne5ko34JgS2AuQj6pmksimN0GZ+/TTTtuo0w+mBbWswth1HCB6 5KuFuKfT4T97pLDK1ElPsFR2Ue7m7HMZeKfsb4nWg7LOCfGQVVu+bOVlgqIduXVgu/MsGbGd1A4+ /Wq7j5l7451NQeXfapnGtgJK9tsD1e1yZ83AbQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 3 DNSKEY records for .
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAbEbGCpGTDrcZTWqWWE72nphyshpRcILdzCVlBGU9Ln1Fui9kkseUOP+g5GLUeVFKdTloeRT A9+EYiQdXgWXmXmuW/nGxZjAikluF/O9NzLVrr5iZnth2xu+F48nrJlAgWWiMNau54NI5sZ3iVQf hFsq2pZmf43RauRPniYMShOLO7EBWWXr5glDSgZGS9fSm6xHwwF+g8D4m8oanjvdCBNxXzSEKS31 ibxjLifTfvwCg3y4XXcNW9U6Nu3JmoKUdxqpPPIkBvVQbIz4UO2FwaR13uXC03ALP1Yx2QNSS4SZ lcIMtAftQR9wtCiuPWQnFv4jkzWqlhp1Lmf7bcoL9yk= ) ; keytag 53148`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; keytag 20326`
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAa96jeuknZlaeSrvyAJj6ZHv28hhOKkx3rLGXVaC6rXTsDc449/cidltpkyGwCJNnOAlFNKF 2jBosZBU5eeHspaQWOmOElZsjICMQMC3aeHbGiShvZsx4wMYSjH8e7Vrhbu6irwCzVBApESjbUdp WWmEnhathWu1jo+siFUiRAAxm9qyJNg/wOZqqzL/dL/q8PkcRU5oUKEpUge71M3ej2/7CPqpdVwu MoTvoB+ZOT4YeGyxMvHmbrxlFzGOHOijtzN+u1TQNatX2XBuzZNQ1K+s2CXkPIZo7s6JgZyvaBev YtxPvYLw4z9mR7K2vaF18UYH9Z9GNUUeayffKC73PYc= ) ; keytag 38696`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20250601000000 20250511000000 20326 . VWTPvGJYPHue7aTc+b49y1cCggFM0t6ULKEPuAeITCgRgd5aAee5yrqEirwkq/Us7zDM1g1HliOO L8kCVbZ6ub5esuVSjlZ/mcEOdlOrkXt4I6AiVhAbaaCaOsEO7XiNaEWbNqiSQ0RcS7h2/A1E7thx F4xr9n8IXSI9bzyoGsH+HBf01Pne5ko34JgS2AuQj6pmksimN0GZ+/TTTtuo0w+mBbWswth1HCB6 5KuFuKfT4T97pLDK1ElPsFR2Ue7m7HMZeKfsb4nWg7LOCfGQVVu+bOVlgqIduXVgu/MsGbGd1A4+ /Wq7j5l7451NQeXfapnGtgJK9tsD1e1yZ83AbQ== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=53148 is now in the chain-of-trust
	DNSKEY=38696/SEP is now in the chain-of-trust
	Query to g.root-servers.net for bogus.d2a1n1.rootcanary.net/A
	Received 1190 bytes from 192.112.36.4
	;; Response received from [192.112.36.4] 1190 octets ;; HEADER SECTION ;; id = 49415 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 15 arcount = 27 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; bogus.d2a1n1.rootcanary.net. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (15 records) net. 172800 IN NS d.gtld-servers.net. net. 172800 IN NS m.gtld-servers.net. net. 172800 IN NS e.gtld-servers.net. net. 172800 IN NS k.gtld-servers.net. net. 172800 IN NS b.gtld-servers.net. net. 172800 IN NS i.gtld-servers.net. net. 172800 IN NS a.gtld-servers.net. net. 172800 IN NS c.gtld-servers.net. net. 172800 IN NS g.gtld-servers.net. net. 172800 IN NS h.gtld-servers.net. net. 172800 IN NS j.gtld-servers.net. net. 172800 IN NS f.gtld-servers.net. net. 172800 IN NS l.gtld-servers.net. net. 86400 IN DS ( 37331 13 2 2f0bec2d6f79dfbd1d08fd21a3af92d0e39a4b9ef1e3f4111fff282490da453b ) net. 86400 IN RRSIG ( DS 8 1 86400 20250602170000 20250520160000 53148 . ijURsBR0dZtL0gvvCsMtE9SIVjEJjvPeluGQXsLh4Sv1asLUmU2XKhr0JUjfq4UwdshOvcuLCzTT /a1cUi9IKYn4UI4vgqAp4KOqfZM7qYTTgVtOWtW43uN4WkGQ8KcRJ9u2Hq1P7MBXr6GwHtVmUSe2 /ecCeIficw7ItRrwmXPNTLxf0BbKWWUckRh56caXxQD85sITyVBcWwplf/+P4S0caJXLSdvyWSh4 Ssob9Itbb71LSU/CjigRvzeMZqyT0Tkg4JUaRZ1YfjkElgmFSj/bh/zscwHure8Lpua0o1/i2EYr ok1ibbtPV6Pui/+YwZyiA5Bq/qmFaEFonQSI7A== ) ;; ADDITIONAL SECTION (27 records) m.gtld-servers.net. 172800 IN A 192.55.83.30 l.gtld-servers.net. 172800 IN A 192.41.162.30 k.gtld-servers.net. 172800 IN A 192.52.178.30 j.gtld-servers.net. 172800 IN A 192.48.79.30 i.gtld-servers.net. 172800 IN A 192.43.172.30 h.gtld-servers.net. 172800 IN A 192.54.112.30 g.gtld-servers.net. 172800 IN A 192.42.93.30 f.gtld-servers.net. 172800 IN A 192.35.51.30 e.gtld-servers.net. 172800 IN A 192.12.94.30 d.gtld-servers.net. 172800 IN A 192.31.80.30 c.gtld-servers.net. 172800 IN A 192.26.92.30 b.gtld-servers.net. 172800 IN A 192.33.14.30 a.gtld-servers.net. 172800 IN A 192.5.6.30 m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30 l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30 k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30 j.gtld-servers.net. 172800 IN AAAA 2001:502:7094::30 i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30 h.gtld-servers.net. 172800 IN AAAA 2001:502:8cc::30 g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30 f.gtld-servers.net. 172800 IN AAAA 2001:503:d414::30 e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30 d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30 c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30 b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30 a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30 ;; { "EDNS-VERSION": 0 }
	Query to m.root-servers.net for net/DNSKEY
	Received 1163 bytes from 202.12.27.33
	;; Response received from [202.12.27.33] 1163 octets ;; HEADER SECTION ;; id = 43014 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 15 arcount = 27 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (15 records) net. 172800 IN NS m.gtld-servers.net. net. 172800 IN NS e.gtld-servers.net. net. 172800 IN NS f.gtld-servers.net. net. 172800 IN NS b.gtld-servers.net. net. 172800 IN NS k.gtld-servers.net. net. 172800 IN NS i.gtld-servers.net. net. 172800 IN NS l.gtld-servers.net. net. 172800 IN NS d.gtld-servers.net. net. 172800 IN NS j.gtld-servers.net. net. 172800 IN NS a.gtld-servers.net. net. 172800 IN NS h.gtld-servers.net. net. 172800 IN NS c.gtld-servers.net. net. 172800 IN NS g.gtld-servers.net. net. 86400 IN DS ( 37331 13 2 2f0bec2d6f79dfbd1d08fd21a3af92d0e39a4b9ef1e3f4111fff282490da453b ) net. 86400 IN RRSIG ( DS 8 1 86400 20250602170000 20250520160000 53148 . ijURsBR0dZtL0gvvCsMtE9SIVjEJjvPeluGQXsLh4Sv1asLUmU2XKhr0JUjfq4UwdshOvcuLCzTT /a1cUi9IKYn4UI4vgqAp4KOqfZM7qYTTgVtOWtW43uN4WkGQ8KcRJ9u2Hq1P7MBXr6GwHtVmUSe2 /ecCeIficw7ItRrwmXPNTLxf0BbKWWUckRh56caXxQD85sITyVBcWwplf/+P4S0caJXLSdvyWSh4 Ssob9Itbb71LSU/CjigRvzeMZqyT0Tkg4JUaRZ1YfjkElgmFSj/bh/zscwHure8Lpua0o1/i2EYr ok1ibbtPV6Pui/+YwZyiA5Bq/qmFaEFonQSI7A== ) ;; ADDITIONAL SECTION (27 records) m.gtld-servers.net. 172800 IN A 192.55.83.30 l.gtld-servers.net. 172800 IN A 192.41.162.30 k.gtld-servers.net. 172800 IN A 192.52.178.30 j.gtld-servers.net. 172800 IN A 192.48.79.30 i.gtld-servers.net. 172800 IN A 192.43.172.30 h.gtld-servers.net. 172800 IN A 192.54.112.30 g.gtld-servers.net. 172800 IN A 192.42.93.30 f.gtld-servers.net. 172800 IN A 192.35.51.30 e.gtld-servers.net. 172800 IN A 192.12.94.30 d.gtld-servers.net. 172800 IN A 192.31.80.30 c.gtld-servers.net. 172800 IN A 192.26.92.30 b.gtld-servers.net. 172800 IN A 192.33.14.30 a.gtld-servers.net. 172800 IN A 192.5.6.30 m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30 l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30 k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30 j.gtld-servers.net. 172800 IN AAAA 2001:502:7094::30 i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30 h.gtld-servers.net. 172800 IN AAAA 2001:502:8cc::30 g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30 f.gtld-servers.net. 172800 IN AAAA 2001:503:d414::30 e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30 d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30 c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30 b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30 a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30 ;; { "EDNS-VERSION": 0 }
	Found child zone net

net

	Checking DS between . and net
	Query to c.root-servers.net for net/DS
	Received 367 bytes from 192.33.4.12
	;; Response received from [192.33.4.12] 367 octets ;; HEADER SECTION ;; id = 60198 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; net. IN DS ;; ANSWER SECTION (2 records) net. 86400 IN DS ( 37331 13 2 2f0bec2d6f79dfbd1d08fd21a3af92d0e39a4b9ef1e3f4111fff282490da453b ) net. 86400 IN RRSIG ( DS 8 1 86400 20250602170000 20250520160000 53148 . ijURsBR0dZtL0gvvCsMtE9SIVjEJjvPeluGQXsLh4Sv1asLUmU2XKhr0JUjfq4UwdshOvcuLCzTT /a1cUi9IKYn4UI4vgqAp4KOqfZM7qYTTgVtOWtW43uN4WkGQ8KcRJ9u2Hq1P7MBXr6GwHtVmUSe2 /ecCeIficw7ItRrwmXPNTLxf0BbKWWUckRh56caXxQD85sITyVBcWwplf/+P4S0caJXLSdvyWSh4 Ssob9Itbb71LSU/CjigRvzeMZqyT0Tkg4JUaRZ1YfjkElgmFSj/bh/zscwHure8Lpua0o1/i2EYr ok1ibbtPV6Pui/+YwZyiA5Bq/qmFaEFonQSI7A== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for net in the . zone
	DS=37331/SHA-256 has algorithm ECDSAP256SHA256
	Found 1 RRSIGs over DS RRset
	`net. 86400 IN RRSIG ( DS 8 1 86400 20250602170000 20250520160000 53148 . ijURsBR0dZtL0gvvCsMtE9SIVjEJjvPeluGQXsLh4Sv1asLUmU2XKhr0JUjfq4UwdshOvcuLCzTT /a1cUi9IKYn4UI4vgqAp4KOqfZM7qYTTgVtOWtW43uN4WkGQ8KcRJ9u2Hq1P7MBXr6GwHtVmUSe2 /ecCeIficw7ItRrwmXPNTLxf0BbKWWUckRh56caXxQD85sITyVBcWwplf/+P4S0caJXLSdvyWSh4 Ssob9Itbb71LSU/CjigRvzeMZqyT0Tkg4JUaRZ1YfjkElgmFSj/bh/zscwHure8Lpua0o1/i2EYr ok1ibbtPV6Pui/+YwZyiA5Bq/qmFaEFonQSI7A== )`
	RRSIG=53148 and DNSKEY=53148 verifies the DS RRset
	DS=37331/SHA-256 is now in the chain-of-trust
	`net. 86400 IN DS ( 37331 13 2 2f0bec2d6f79dfbd1d08fd21a3af92d0e39a4b9ef1e3f4111fff282490da453b )`
	Query to c.gtld-servers.net for net/DNSKEY
	Received 291 bytes from 192.26.92.30
	;; Response received from [192.26.92.30] 291 octets ;; HEADER SECTION ;; id = 40475 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; net. IN DNSKEY ;; ANSWER SECTION (3 records) net. 86400 IN DNSKEY ( 256 3 13 16NvlxmHDHZoafgfgQSqMzWNHJPVXuq7/qyicuulQJHyyBrjltAVFAMZN5TR173kCAoeearbeoQB PRJqmYFXxQ== ) ; keytag 45412 net. 86400 IN DNSKEY ( 257 3 13 HiBoGpzDRAgrDmUXXTSnl7jCX6Hx5bzkU2jSxMbVI01yS+13EyOghnCidBXU0bH2gi2w9GhYGacp U6CrtwoFNg== ) ; keytag 37331 net. 86400 IN RRSIG ( DNSKEY 13 1 86400 20250527141035 20250512140535 37331 net. RyqsVfltEZ5zGlDmlv309Hk3LvWlAIpYOShtA8swYEZ7NjWOjhs7AwvZPbdcYsfdE4Mg9iS3PnBW RlQFfIh3nA== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for net
	`net. 86400 IN DNSKEY ( 256 3 13 16NvlxmHDHZoafgfgQSqMzWNHJPVXuq7/qyicuulQJHyyBrjltAVFAMZN5TR173kCAoeearbeoQB PRJqmYFXxQ== ) ; keytag 45412`
	`net. 86400 IN DNSKEY ( 257 3 13 HiBoGpzDRAgrDmUXXTSnl7jCX6Hx5bzkU2jSxMbVI01yS+13EyOghnCidBXU0bH2gi2w9GhYGacp U6CrtwoFNg== ) ; keytag 37331`
	DNSKEY=37331/SEP is now in the chain-of-trust
	DS=37331/SHA-256 verifies DNSKEY=37331/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`net. 86400 IN RRSIG ( DNSKEY 13 1 86400 20250527141035 20250512140535 37331 net. RyqsVfltEZ5zGlDmlv309Hk3LvWlAIpYOShtA8swYEZ7NjWOjhs7AwvZPbdcYsfdE4Mg9iS3PnBW RlQFfIh3nA== )`
	RRSIG=37331 and DNSKEY=37331/SEP verifies the DNSKEY RRset
	DNSKEY=45412 is now in the chain-of-trust
	Query to m.gtld-servers.net for bogus.d2a1n1.rootcanary.net/A
	Received 341 bytes from 192.55.83.30
	;; Response received from [192.55.83.30] 341 octets ;; HEADER SECTION ;; id = 61980 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 3 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; bogus.d2a1n1.rootcanary.net. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) rootcanary.net. 172800 IN NS ns1.surfnet.nl. rootcanary.net. 172800 IN NS ns2.surfnet.nl. rootcanary.net. 172800 IN NS ns3.surfnet.nl. rootcanary.net. 172800 IN NS ns1.zurich.surf.net. rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 ) rootcanary.net. 86400 IN RRSIG ( DS 13 2 86400 20250527025907 20250520014907 45412 net. 0q7p/zLjbwmCwuZ5zo6MAsK+yNaSudGGuUXfcRAyS19XS/5IZFj5kUspR4tkk03OHAfB/XwpC1p5 7K9CXw5dbA== ) ;; ADDITIONAL SECTION (3 records) ns1.zurich.surf.net. 172800 IN A 195.176.255.9 ns1.zurich.surf.net. 172800 IN AAAA 2001:620:0:9::1103 ;; { "EDNS-VERSION": 0 }
	Query to d.gtld-servers.net for rootcanary.net/DNSKEY
	Received 328 bytes from 192.31.80.30
	;; Response received from [192.31.80.30] 328 octets ;; HEADER SECTION ;; id = 47313 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 6 arcount = 3 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; rootcanary.net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) rootcanary.net. 172800 IN NS ns1.surfnet.nl. rootcanary.net. 172800 IN NS ns2.surfnet.nl. rootcanary.net. 172800 IN NS ns3.surfnet.nl. rootcanary.net. 172800 IN NS ns1.zurich.surf.net. rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 ) rootcanary.net. 86400 IN RRSIG ( DS 13 2 86400 20250527025907 20250520014907 45412 net. 0q7p/zLjbwmCwuZ5zo6MAsK+yNaSudGGuUXfcRAyS19XS/5IZFj5kUspR4tkk03OHAfB/XwpC1p5 7K9CXw5dbA== ) ;; ADDITIONAL SECTION (3 records) ns1.zurich.surf.net. 172800 IN A 195.176.255.9 ns1.zurich.surf.net. 172800 IN AAAA 2001:620:0:9::1103 ;; { "EDNS-VERSION": 0 }
	Found child zone rootcanary.net

rootcanary.net

	Checking DS between net and rootcanary.net
	Query to e.gtld-servers.net for rootcanary.net/DS
	Received 1082 bytes from 192.12.94.30
	;; Response received from [192.12.94.30] 1082 octets ;; HEADER SECTION ;; id = 4733 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 14 arcount = 27 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 4096, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; rootcanary.net. IN DS ;; ANSWER SECTION (2 records) rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 ) rootcanary.net. 86400 IN RRSIG ( DS 13 2 86400 20250527025907 20250520014907 45412 net. 0q7p/zLjbwmCwuZ5zo6MAsK+yNaSudGGuUXfcRAyS19XS/5IZFj5kUspR4tkk03OHAfB/XwpC1p5 7K9CXw5dbA== ) ;; AUTHORITY SECTION (14 records) net. 172800 IN NS k.gtld-servers.net. net. 172800 IN NS e.gtld-servers.net. net. 172800 IN NS m.gtld-servers.net. net. 172800 IN NS g.gtld-servers.net. net. 172800 IN NS a.gtld-servers.net. net. 172800 IN NS f.gtld-servers.net. net. 172800 IN NS j.gtld-servers.net. net. 172800 IN NS i.gtld-servers.net. net. 172800 IN NS c.gtld-servers.net. net. 172800 IN NS b.gtld-servers.net. net. 172800 IN NS d.gtld-servers.net. net. 172800 IN NS l.gtld-servers.net. net. 172800 IN NS h.gtld-servers.net. net. 172800 IN RRSIG ( NS 13 1 172800 20250525044358 20250518033358 45412 net. UHEdjQBYOm4IFWvAVKNrg2B6LiQUX5Ob+m5ElyqL1KuT1ZnPHznr6V4bkWJSVXfT7SnPZb+F8ylC 8UvrUX+1QA== ) ;; ADDITIONAL SECTION (27 records) k.gtld-servers.net. 172800 IN A 192.52.178.30 k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30 e.gtld-servers.net. 172800 IN A 192.12.94.30 e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30 m.gtld-servers.net. 172800 IN A 192.55.83.30 m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30 g.gtld-servers.net. 172800 IN A 192.42.93.30 g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30 a.gtld-servers.net. 172800 IN A 192.5.6.30 a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30 f.gtld-servers.net. 172800 IN A 192.35.51.30 f.gtld-servers.net. 172800 IN AAAA 2001:503:d414::30 j.gtld-servers.net. 172800 IN A 192.48.79.30 j.gtld-servers.net. 172800 IN AAAA 2001:502:7094::30 i.gtld-servers.net. 172800 IN A 192.43.172.30 i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30 c.gtld-servers.net. 172800 IN A 192.26.92.30 c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30 b.gtld-servers.net. 172800 IN A 192.33.14.30 b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30 d.gtld-servers.net. 172800 IN A 192.31.80.30 d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30 l.gtld-servers.net. 172800 IN A 192.41.162.30 l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30 h.gtld-servers.net. 172800 IN A 192.54.112.30 h.gtld-servers.net. 172800 IN AAAA 2001:502:8cc::30 ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for rootcanary.net in the net zone
	DS=64786/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`rootcanary.net. 86400 IN RRSIG ( DS 13 2 86400 20250527025907 20250520014907 45412 net. 0q7p/zLjbwmCwuZ5zo6MAsK+yNaSudGGuUXfcRAyS19XS/5IZFj5kUspR4tkk03OHAfB/XwpC1p5 7K9CXw5dbA== )`
	RRSIG=45412 and DNSKEY=45412 verifies the DS RRset
	DS=64786/SHA-256 is now in the chain-of-trust
	`rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 )`
	Query to ns1.zurich.surf.net for rootcanary.net/DNSKEY
	Received 513 bytes from 195.176.255.9
	;; Response received from [195.176.255.9] 513 octets ;; HEADER SECTION ;; id = 58618 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; rootcanary.net. IN DNSKEY ;; ANSWER SECTION (3 records) rootcanary.net. 60 IN DNSKEY ( 257 3 8 AwEAAdDk0xPx74/+J4BFAtodd6j2yTDoX9D+paSjzxVl+jMQmrsrQprdBxX3fale9f62j4oo7scf U+wabBXl56lehbw/wds6oVqDNun9ORQisXhIq9H+u3a9WtTAF+OQyPoSirRLYdNR7+wWvb88L27w 88+jL0gkFb8klGzr03EFrq6r ) ; keytag 64786 rootcanary.net. 60 IN DNSKEY ( 256 3 8 AwEAAbTt2EpLNxL2BJh6zgrhiEBK1sfxYPvEQgQkM1O53+lnT+c8W+9lYMhI1m2mLwecKvq7ePok 5d1XO11UKUXV5pRD9d66qXLwDxMJ4krEMlOvmMS/HWskybkREtMdPdcv5eNdtuT8VeCPTGZuoNe2 oEK4NFSUU5eG0pkWo27Kl3oV ) ; keytag 25188 rootcanary.net. 60 IN RRSIG ( DNSKEY 8 2 60 20250628063703 20250513063703 64786 rootcanary.net. aIP/IuRG70gsI6uozYptIh6O5JKztb3cuOsajdl3XdVOSLysvd7U3tvykHNiMRtPSTuociGJANd5 Rq7tZOP7jcMERMwHS9mvQu0W2TtO4FNIoaOhvu/0OTZkI+Thvx4lxJR5r2Hn+FIB+A1DfUyKNc5S 1ngIA4qGmP3q1PyK2is= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 2 DNSKEY records for rootcanary.net
	`rootcanary.net. 60 IN DNSKEY ( 257 3 8 AwEAAdDk0xPx74/+J4BFAtodd6j2yTDoX9D+paSjzxVl+jMQmrsrQprdBxX3fale9f62j4oo7scf U+wabBXl56lehbw/wds6oVqDNun9ORQisXhIq9H+u3a9WtTAF+OQyPoSirRLYdNR7+wWvb88L27w 88+jL0gkFb8klGzr03EFrq6r ) ; keytag 64786`
	`rootcanary.net. 60 IN DNSKEY ( 256 3 8 AwEAAbTt2EpLNxL2BJh6zgrhiEBK1sfxYPvEQgQkM1O53+lnT+c8W+9lYMhI1m2mLwecKvq7ePok 5d1XO11UKUXV5pRD9d66qXLwDxMJ4krEMlOvmMS/HWskybkREtMdPdcv5eNdtuT8VeCPTGZuoNe2 oEK4NFSUU5eG0pkWo27Kl3oV ) ; keytag 25188`
	DNSKEY=64786/SEP is now in the chain-of-trust
	DS=64786/SHA-256 verifies DNSKEY=64786/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`rootcanary.net. 60 IN RRSIG ( DNSKEY 8 2 60 20250628063703 20250513063703 64786 rootcanary.net. aIP/IuRG70gsI6uozYptIh6O5JKztb3cuOsajdl3XdVOSLysvd7U3tvykHNiMRtPSTuociGJANd5 Rq7tZOP7jcMERMwHS9mvQu0W2TtO4FNIoaOhvu/0OTZkI+Thvx4lxJR5r2Hn+FIB+A1DfUyKNc5S 1ngIA4qGmP3q1PyK2is= )`
	RRSIG=64786 and DNSKEY=64786/SEP verifies the DNSKEY RRset
	DNSKEY=25188 is now in the chain-of-trust
	Query to ns1.zurich.surf.net for bogus.d2a1n1.rootcanary.net/A
	Received 253 bytes from 195.176.255.9
	;; Response received from [195.176.255.9] 253 octets ;; HEADER SECTION ;; id = 11547 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; bogus.d2a1n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d2a1n1.rootcanary.net. 60 IN A 145.97.20.20 bogus.d2a1n1.rootcanary.net. 60 IN RRSIG ( A 1 4 60 20250628063703 20250513063703 11102 d2a1n1.rootcanary.net. ugsKax0xQ5OlXjMKiyW4aXLuwG7Mk7A5YH4SWd/l24XA2qtSD67EAJDqzBQBv2nF8qM4FEuEhdMx DFbvvzKr4UvWZwpvaiGRDZFWcKXIl7cTJOYfLFulKS+I6Js9J1EnmYFi5dWzMDy43QWGja/2oiqP glfSDS3rq4efSyZ3vhs= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	ns1.zurich.surf.net is authoritative for bogus.d2a1n1.rootcanary.net
	Query to ns1.zurich.surf.net for d2a1n1.rootcanary.net/DNSKEY
	Received 379 bytes from 195.176.255.9
	;; Response received from [195.176.255.9] 379 octets ;; HEADER SECTION ;; id = 59980 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; d2a1n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (2 records) d2a1n1.rootcanary.net. 60 IN DNSKEY ( 257 3 1 AwEAAdXdLh4S/z+hiYnykt3tRC2jUcdhRto7PbSxyz20iS+WSJrPCVM6KyeCRYO3/2RxOruwD02M /WO3b1bUgnj+XhTn+oAxV2pZPxulTVmqmuQccE+2FocU83c7VQYje+Q2i2AW95YTPD7AEMLreC3x 8A7aRFVxwXXwvkjmaNu0K14x ) ; keytag 11102 d2a1n1.rootcanary.net. 60 IN RRSIG ( DNSKEY 1 3 60 20250628063703 20250513063703 11102 d2a1n1.rootcanary.net. hdClqiKQn+7P7gRhwurY3MyKB4kvhXjtuv16w7nLz0b43ezYGbgSabfukERmOuMqA157IxqEf4WJ jA9CsT3fvqs0HCni/HuAVXoh9L5CVYHr1il5NBsKy5ILCblfHRTedVYdbMgVJQaJK6prr6bT5bOk wuSnsmafqINVgmwOyZo= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found child zone d2a1n1.rootcanary.net
	Attempting to learn nameservers for d2a1n1.rootcanary.net
	Query to ns1.zurich.surf.net for d2a1n1.rootcanary.net/NS
	Received 279 bytes from 195.176.255.9
	;; Response received from [195.176.255.9] 279 octets ;; HEADER SECTION ;; id = 9331 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 3 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; d2a1n1.rootcanary.net. IN NS ;; ANSWER SECTION (3 records) d2a1n1.rootcanary.net. 60 IN NS sec2.rcode0.net. d2a1n1.rootcanary.net. 60 IN NS sec1.rcode0.net. d2a1n1.rootcanary.net. 60 IN RRSIG ( NS 1 3 60 20250628063703 20250513063703 11102 d2a1n1.rootcanary.net. RDM/q9xSftBzopKbiDpfOvxgr5OhYUJrExjukCkw5ltKDSNZhYQgtT5FuD8oUFEucA3srB5OxMZs kupUV8QKSeKTfTOASYZ+KVZB9Fqxb6336Qav7lsz7Sv1OJW+MisWg/zCFYOYI7Bc+mYfVC+uAHUW PvXeBx7juSq8TTMH6JU= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found d2a1n1.rootcanary.net nameservers: sec2.rcode0.net, sec1.rcode0.net

d2a1n1.rootcanary.net

	Checking DS between rootcanary.net and d2a1n1.rootcanary.net
	Query to ns3.surfnet.nl for d2a1n1.rootcanary.net/DS
	Received 272 bytes from 195.169.124.71
	;; Response received from [195.169.124.71] 272 octets ;; HEADER SECTION ;; id = 21597 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1232, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; d2a1n1.rootcanary.net. IN DS ;; ANSWER SECTION (2 records) d2a1n1.rootcanary.net. 60 IN DS ( 11102 1 2 61a8b809ca2e35b9a082a9998c2b33cb1657b1151d65bdb92805592b181c9382 ) d2a1n1.rootcanary.net. 60 IN RRSIG ( DS 8 3 60 20250628063703 20250513063703 25188 rootcanary.net. LwI0XpTOWlBSQ2WMJckLHsBSxJk2rWvm7ZAY2IkhQL2WRP59FqsMMMCdkrLXt1Jsq1wSWRyr3XXD ulYS8JlpeqgZBZIg4XAWDrW0jdqHWrTfU909uxPmT7anxWqM8/Yohr9ip5y5p0kfxmnhkeo1vOph LiHrdNu0M7AYKQSJMsQ= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DS records for d2a1n1.rootcanary.net in the rootcanary.net zone
	DS=11102/SHA-256 has algorithm RSAMD5
	Found 1 RRSIGs over DS RRset
	`d2a1n1.rootcanary.net. 60 IN RRSIG ( DS 8 3 60 20250628063703 20250513063703 25188 rootcanary.net. LwI0XpTOWlBSQ2WMJckLHsBSxJk2rWvm7ZAY2IkhQL2WRP59FqsMMMCdkrLXt1Jsq1wSWRyr3XXD ulYS8JlpeqgZBZIg4XAWDrW0jdqHWrTfU909uxPmT7anxWqM8/Yohr9ip5y5p0kfxmnhkeo1vOph LiHrdNu0M7AYKQSJMsQ= )`
	RRSIG=25188 and DNSKEY=25188 verifies the DS RRset
	DS=11102/SHA-256 is now in the chain-of-trust
	`d2a1n1.rootcanary.net. 60 IN DS ( 11102 1 2 61a8b809ca2e35b9a082a9998c2b33cb1657b1151d65bdb92805592b181c9382 )`
	Query to sec2.rcode0.net for d2a1n1.rootcanary.net/DNSKEY
	Received 379 bytes from 176.97.158.100
	;; Response received from [176.97.158.100] 379 octets ;; HEADER SECTION ;; id = 50298 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1400, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; d2a1n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (2 records) d2a1n1.rootcanary.net. 60 IN DNSKEY ( 257 3 1 AwEAAdXdLh4S/z+hiYnykt3tRC2jUcdhRto7PbSxyz20iS+WSJrPCVM6KyeCRYO3/2RxOruwD02M /WO3b1bUgnj+XhTn+oAxV2pZPxulTVmqmuQccE+2FocU83c7VQYje+Q2i2AW95YTPD7AEMLreC3x 8A7aRFVxwXXwvkjmaNu0K14x ) ; keytag 11102 d2a1n1.rootcanary.net. 60 IN RRSIG ( DNSKEY 1 3 60 20250628063703 20250513063703 11102 d2a1n1.rootcanary.net. hdClqiKQn+7P7gRhwurY3MyKB4kvhXjtuv16w7nLz0b43ezYGbgSabfukERmOuMqA157IxqEf4WJ jA9CsT3fvqs0HCni/HuAVXoh9L5CVYHr1il5NBsKy5ILCblfHRTedVYdbMgVJQaJK6prr6bT5bOk wuSnsmafqINVgmwOyZo= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found 1 DNSKEY records for d2a1n1.rootcanary.net
	`d2a1n1.rootcanary.net. 60 IN DNSKEY ( 257 3 1 AwEAAdXdLh4S/z+hiYnykt3tRC2jUcdhRto7PbSxyz20iS+WSJrPCVM6KyeCRYO3/2RxOruwD02M /WO3b1bUgnj+XhTn+oAxV2pZPxulTVmqmuQccE+2FocU83c7VQYje+Q2i2AW95YTPD7AEMLreC3x 8A7aRFVxwXXwvkjmaNu0K14x ) ; keytag 11102`
	DNSKEY=11102/SEP is now in the chain-of-trust
	DS=11102/SHA-256 verifies DNSKEY=11102/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`d2a1n1.rootcanary.net. 60 IN RRSIG ( DNSKEY 1 3 60 20250628063703 20250513063703 11102 d2a1n1.rootcanary.net. hdClqiKQn+7P7gRhwurY3MyKB4kvhXjtuv16w7nLz0b43ezYGbgSabfukERmOuMqA157IxqEf4WJ jA9CsT3fvqs0HCni/HuAVXoh9L5CVYHr1il5NBsKy5ILCblfHRTedVYdbMgVJQaJK6prr6bT5bOk wuSnsmafqINVgmwOyZo= )`
	RRSIG=11102 and DNSKEY=11102/SEP verifies the DNSKEY RRset
	Query to sec1.rcode0.net for bogus.d2a1n1.rootcanary.net/A
	Received 253 bytes from 192.174.68.100
	;; Response received from [192.174.68.100] 253 octets ;; HEADER SECTION ;; id = 24174 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1400, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; bogus.d2a1n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d2a1n1.rootcanary.net. 60 IN RRSIG ( A 1 4 60 20250628063703 20250513063703 11102 d2a1n1.rootcanary.net. ugsKax0xQ5OlXjMKiyW4aXLuwG7Mk7A5YH4SWd/l24XA2qtSD67EAJDqzBQBv2nF8qM4FEuEhdMx DFbvvzKr4UvWZwpvaiGRDZFWcKXIl7cTJOYfLFulKS+I6Js9J1EnmYFi5dWzMDy43QWGja/2oiqP glfSDS3rq4efSyZ3vhs= ) bogus.d2a1n1.rootcanary.net. 60 IN A 145.97.20.20 ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	sec1.rcode0.net is authoritative for bogus.d2a1n1.rootcanary.net
	Query to sec2.rcode0.net for bogus.d2a1n1.rootcanary.net/DNSKEY
	Received 530 bytes from 176.97.158.100
	;; Response received from [176.97.158.100] 530 octets ;; HEADER SECTION ;; id = 31459 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1400, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; bogus.d2a1n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) d2a1n1.rootcanary.net. 60 IN SOA ( ns1.surfnet.nl. dns-beheer.surfnet.nl. 2025051406 ;serial 10800 ;refresh 3600 ;retry 604800 ;expire 86400 ;minimum ) d2a1n1.rootcanary.net. 60 IN RRSIG ( SOA 1 3 60 20250628063703 20250513063703 11102 d2a1n1.rootcanary.net. dQCiE6BhV3qqrkoFoSjw3Xt+VT484yuCAGzP8eBgOFK/ZxxLob9xQXbXJsfm+3qT9tGHHIVW2Gnn J2iGSo0kDCAwpotif4LQIDprKir/detfb3dlqFlsWdkXYszn2erH1L0aR6w3lrevUA6PBHQjMN8Y Jk/98l0GhheqZQGTcpk= ) bogus.d2a1n1.rootcanary.net. 60 IN NSEC ( *.bogus.d2a1n1.rootcanary.net. A AAAA RRSIG NSEC ) bogus.d2a1n1.rootcanary.net. 60 IN RRSIG ( NSEC 1 4 86400 20250628063703 20250513063703 11102 d2a1n1.rootcanary.net. kvnb5fuNOpksQQFXtcyQfuB2GAz5ZHrFwdfJrPKLyNvKlvBSP/U0gY2iV147RJEvTAh5Qb7kRreA eWAogx94/8BDs65NwjTl7wb0RvONDPY3XPhZ8Tivr9ZpHKJ/cnV0+k4CvHJAIlOh4bMiCcdUt26/ YE7bznlxvDHBclSHSbc= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by d2a1n1.rootcanary.net zone
	Query to sec2.rcode0.net for d2a1n1.rootcanary.net/SOA
	Received 292 bytes from 176.97.158.100
	;; Response received from [176.97.158.100] 292 octets ;; HEADER SECTION ;; id = 25564 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1400, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; d2a1n1.rootcanary.net. IN SOA ;; ANSWER SECTION (2 records) d2a1n1.rootcanary.net. 60 IN RRSIG ( SOA 1 3 60 20250628063703 20250513063703 11102 d2a1n1.rootcanary.net. dQCiE6BhV3qqrkoFoSjw3Xt+VT484yuCAGzP8eBgOFK/ZxxLob9xQXbXJsfm+3qT9tGHHIVW2Gnn J2iGSo0kDCAwpotif4LQIDprKir/detfb3dlqFlsWdkXYszn2erH1L0aR6w3lrevUA6PBHQjMN8Y Jk/98l0GhheqZQGTcpk= ) d2a1n1.rootcanary.net. 60 IN SOA ( ns1.surfnet.nl. dns-beheer.surfnet.nl. 2025051406 ;serial 10800 ;refresh 3600 ;retry 604800 ;expire 86400 ;minimum ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Query to sec1.rcode0.net for bogus.d2a1n1.rootcanary.net/A
	Received 253 bytes from 192.174.68.100
	;; Response received from [192.174.68.100] 253 octets ;; HEADER SECTION ;; id = 16778 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1400, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; bogus.d2a1n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d2a1n1.rootcanary.net. 60 IN RRSIG ( A 1 4 60 20250628063703 20250513063703 11102 d2a1n1.rootcanary.net. ugsKax0xQ5OlXjMKiyW4aXLuwG7Mk7A5YH4SWd/l24XA2qtSD67EAJDqzBQBv2nF8qM4FEuEhdMx DFbvvzKr4UvWZwpvaiGRDZFWcKXIl7cTJOYfLFulKS+I6Js9J1EnmYFi5dWzMDy43QWGja/2oiqP glfSDS3rq4efSyZ3vhs= ) bogus.d2a1n1.rootcanary.net. 60 IN A 145.97.20.20 ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	bogus.d2a1n1.rootcanary.net A RR has value 145.97.20.20
	Found 1 RRSIGs over A RRset
	`bogus.d2a1n1.rootcanary.net. 60 IN RRSIG ( A 1 4 60 20250628063703 20250513063703 11102 d2a1n1.rootcanary.net. ugsKax0xQ5OlXjMKiyW4aXLuwG7Mk7A5YH4SWd/l24XA2qtSD67EAJDqzBQBv2nF8qM4FEuEhdMx DFbvvzKr4UvWZwpvaiGRDZFWcKXIl7cTJOYfLFulKS+I6Js9J1EnmYFi5dWzMDy43QWGja/2oiqP glfSDS3rq4efSyZ3vhs= )`
	RRSIG=11102 and DNSKEY=11102/SEP does not verify the A RRset (signature verification failed)
	None of the 1 RRSIG and 1 DNSKEY records validate the A RRset
	The A RRset was not signed by any trusted keys

d2a1n1.rootcanary.net

	Query to sec2.rcode0.net for bogus.d2a1n1.rootcanary.net/A
	Received 253 bytes from 176.97.158.100
	;; Response received from [176.97.158.100] 253 octets ;; HEADER SECTION ;; id = 30135 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1400, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; bogus.d2a1n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d2a1n1.rootcanary.net. 60 IN A 145.97.20.20 bogus.d2a1n1.rootcanary.net. 60 IN RRSIG ( A 1 4 60 20250628063703 20250513063703 11102 d2a1n1.rootcanary.net. ugsKax0xQ5OlXjMKiyW4aXLuwG7Mk7A5YH4SWd/l24XA2qtSD67EAJDqzBQBv2nF8qM4FEuEhdMx DFbvvzKr4UvWZwpvaiGRDZFWcKXIl7cTJOYfLFulKS+I6Js9J1EnmYFi5dWzMDy43QWGja/2oiqP glfSDS3rq4efSyZ3vhs= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	sec2.rcode0.net is authoritative for bogus.d2a1n1.rootcanary.net
	Query to sec2.rcode0.net for bogus.d2a1n1.rootcanary.net/DNSKEY
	Received 530 bytes from 176.97.158.100
	;; Response received from [176.97.158.100] 530 octets ;; HEADER SECTION ;; id = 31399 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 0 ;; nscount = 4 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1400, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; bogus.d2a1n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) d2a1n1.rootcanary.net. 60 IN SOA ( ns1.surfnet.nl. dns-beheer.surfnet.nl. 2025051406 ;serial 10800 ;refresh 3600 ;retry 604800 ;expire 86400 ;minimum ) d2a1n1.rootcanary.net. 60 IN RRSIG ( SOA 1 3 60 20250628063703 20250513063703 11102 d2a1n1.rootcanary.net. dQCiE6BhV3qqrkoFoSjw3Xt+VT484yuCAGzP8eBgOFK/ZxxLob9xQXbXJsfm+3qT9tGHHIVW2Gnn J2iGSo0kDCAwpotif4LQIDprKir/detfb3dlqFlsWdkXYszn2erH1L0aR6w3lrevUA6PBHQjMN8Y Jk/98l0GhheqZQGTcpk= ) bogus.d2a1n1.rootcanary.net. 60 IN NSEC ( *.bogus.d2a1n1.rootcanary.net. A AAAA RRSIG NSEC ) bogus.d2a1n1.rootcanary.net. 60 IN RRSIG ( NSEC 1 4 86400 20250628063703 20250513063703 11102 d2a1n1.rootcanary.net. kvnb5fuNOpksQQFXtcyQfuB2GAz5ZHrFwdfJrPKLyNvKlvBSP/U0gY2iV147RJEvTAh5Qb7kRreA eWAogx94/8BDs65NwjTl7wb0RvONDPY3XPhZ8Tivr9ZpHKJ/cnV0+k4CvHJAIlOh4bMiCcdUt26/ YE7bznlxvDHBclSHSbc= ) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	Found RRSIG signed by d2a1n1.rootcanary.net zone
	Query to sec2.rcode0.net for bogus.d2a1n1.rootcanary.net/A
	Received 253 bytes from 176.97.158.100
	;; Response received from [176.97.158.100] 253 octets ;; HEADER SECTION ;; id = 10522 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; do = 1 co = 0 ;; qdcount = 1 ancount = 2 ;; nscount = 0 arcount = 1 ;; { "EDNS-VERSION": 0, ;; "FLAGS": "8000", ;; "RCODE": 0, ;; "UDPSIZE": 1400, ;; "OPTIONS": [ ] ;; } ;; QUESTION SECTION (1 record) ;; bogus.d2a1n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d2a1n1.rootcanary.net. 60 IN A 145.97.20.20 bogus.d2a1n1.rootcanary.net. 60 IN RRSIG ( A 1 4 60 20250628063703 20250513063703 11102 d2a1n1.rootcanary.net. ugsKax0xQ5OlXjMKiyW4aXLuwG7Mk7A5YH4SWd/l24XA2qtSD67EAJDqzBQBv2nF8qM4FEuEhdMx DFbvvzKr4UvWZwpvaiGRDZFWcKXIl7cTJOYfLFulKS+I6Js9J1EnmYFi5dWzMDy43QWGja/2oiqP glfSDS3rq4efSyZ3vhs= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; { "EDNS-VERSION": 0 }
	bogus.d2a1n1.rootcanary.net A RR has value 145.97.20.20
	Found 1 RRSIGs over A RRset
	`bogus.d2a1n1.rootcanary.net. 60 IN RRSIG ( A 1 4 60 20250628063703 20250513063703 11102 d2a1n1.rootcanary.net. ugsKax0xQ5OlXjMKiyW4aXLuwG7Mk7A5YH4SWd/l24XA2qtSD67EAJDqzBQBv2nF8qM4FEuEhdMx DFbvvzKr4UvWZwpvaiGRDZFWcKXIl7cTJOYfLFulKS+I6Js9J1EnmYFi5dWzMDy43QWGja/2oiqP glfSDS3rq4efSyZ3vhs= )`
	RRSIG=11102 and DNSKEY=11102/SEP does not verify the A RRset (signature verification failed)
	None of the 1 RRSIG and 1 DNSKEY records validate the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test bogus.d2a1n1.rootcanary.net at dnsviz.net.

DNSSEC Debugger

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: